hxxps://na4[.]docusign[.]net/Signing/EmailStart[.]aspx?a=3b33a6df-e8e8-4867-a2fd-bc56f4aa0434&etti=24&acct=63dd7b88-976c-474d-944a-d925c73f51ac&er=67aa4d6d-074d-4c34-b609-0d46d22c42b1

Analysis

max time kernel
98s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/10/2024, 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://na4.docusign.net/Signing/EmailStart.aspx?a=3b33a6df-e8e8-4867-a2fd-bc56f4aa0434&etti=24&acct=63dd7b88-976c-474d-944a-d925c73f51ac&er=67aa4d6d-074d-4c34-b609-0d46d22c42b1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
3700	msedge.exe
3700	msedge.exe
348	msedge.exe
348	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 3964	3700	msedge.exe	77
PID 3700 wrote to memory of 3964	3700	msedge.exe	77
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 2548	3700	msedge.exe	78
PID 3700 wrote to memory of 4272	3700	msedge.exe	79
PID 3700 wrote to memory of 4272	3700	msedge.exe	79
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80
PID 3700 wrote to memory of 4184	3700	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=3b33a6df-e8e8-4867-a2fd-bc56f4aa0434&etti=24&acct=63dd7b88-976c-474d-944a-d925c73f51ac&er=67aa4d6d-074d-4c34-b609-0d46d22c42b1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed5e23cb8,0x7ffed5e23cc8,0x7ffed5e23cd8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,15455592174799042081,7458679026114829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
25KB

MD5
72b894ccd2a1349824be26c74169bc02

SHA1
7033e6f80eb591c2d556b411d3e5b87361cdc1c3

SHA256
ec10d562179623af25d5dc3e465f84968c76525ec8b9111c29b2f18ea1888c6b

SHA512
ff72263c14db90eb889dba8eae980b839295f8a43260aa55b53357e5a66d3b46c89d83388cb18b3ce1570a796889292c8610a7bc9fd19a6a6f4f8ca79116c658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b4eb5a8aa9deafc338d9a6fa6d915770

SHA1
83b15ce8f01440ce20cbf715784a5e6244573eed

SHA256
f373fcef4a7750fe9fbadc949377532bb7fc9a33aa0e4237f5547fad65ffe1a1

SHA512
39a4684f7dad63d2ccfeeb0fb102270c592b9d6072f2ee1e7747ae311e7d002b1689922b553fbe699c98cd54ff00040d150bad151c58ff9f6fa7df891589b302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6f9106060a7354f5d2a5e598c4735a47

SHA1
7ea2bfc0ccdc1ef61d58dce20aea661052a5587e

SHA256
f59c97c7645cb61d08cccb8fea70945b17c03a2bb53c06c29b060691ca61ca39

SHA512
4bc621cb1d78457a2ba439c6865d4459ecc906df047c44b8f4899ff15c2690eb9eb6334d29b1bd036e2d97a8b73d0cde4e4fc8e450333f96017f11bc80bcd6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
264B

MD5
378dd4af355d869deba82b3ea3658a04

SHA1
42352b6d52d22f2cebdf52fd7ff7e53b1146eebb

SHA256
df1ca0d90fdc93161f72c51150ad16d620aa3912e3c948e68080b0420272542b

SHA512
2c52e904ecc11e14a831c8706f6c29eb8c6aaaf0e3ddd948c0da4ec39ee691bccb15dacb32528f83f60798739fc085ffe91b1c9fb0d26ec61286504a31abc7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24a0f8cc3d05bddf95b0c7c9a41f3082

SHA1
3bb9f1675c6004132a5bb20aa74e994d2af69b62

SHA256
9c62b14ec97f151f58f235eae5b0ebfb82a82d54ca0ce8245770e6a7ad30a3cc

SHA512
9f330b5fe8554a5cd7a2e9d103976b33684a4af2084a862ed30b4d2fee27a68667eba1e7b00dbf709321b387262e84420e7a30e36f52ee2f51a72e3f8ed4bad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52c67bca8da550345d711de3a8180cf9

SHA1
c16aeba3a3400276f6f9ca7ac40dbd768781c4b7

SHA256
ea5f6ba06b15bbe73b9d3b0acdc12b8d73020aa57ac84e5428f7d687e2fe562b

SHA512
d7456c91effe07cd5bcea1c56545c3f79918078d47f4d9bd4b5d61940707c9a496d23bda1d665586ddd4cc7ce5eba8f44341e394b0937a431d0b7ad2fd52c510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e89928e82ce4015136002880cfd9fee1

SHA1
f3d138c6acfa05a1b6c517187e02ecdb5d6b08e7

SHA256
6f0f999bb65fede0cab907f0da32f9e927364bce9381d672c7a06f970643ab35

SHA512
594f16ff95073463f92f1371ea26598ea4bbeba4bedee055e9f9108dcd844f886a7dd0374cff7fea1a3f46ae1c57c96065aa51a3eaca7eadb61b51b1577c070e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f3a81443c441cf2a66dd2214e8ee04a

SHA1
94f926846c6ba6c0de6a80cd48c58e3acd6b26aa

SHA256
f2f4bf583cdef989372ac9efdc6ccf09103874d4afdec1c613a1ae14b8498ee3

SHA512
be791722bb204a27d2bf18e89b5564187751d9aef7ecc54be865c88662d86d44cbc501c736a5e8e0e924b7b6b53ec3e8dd87dde0bb33212584106abf499768ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
60ab1ac635bbc4d8863bf4b718c10173

SHA1
a8d76cb9b71c7e9247fb8cfd0c7152a9bf68b17f

SHA256
b1f65f216fb459f078fedab6ba5261598e71dfa0be6c9408b1b1aef130068996

SHA512
e51ad1bb2188b8013d6a7d88cd8cc738f550cb8357497cb27bed91f1add8cb35aadb14a2c1ce17088334c891f14ede6671a8d5a306e67c575d7ccff54028aa62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
c4ab7fa3fbb567fdce8053daf604a8ca

SHA1
c3bf4c8515078fd318b643e135e8c06e72be8bcf

SHA256
c4a5845fadf313bf3181cab4744fd21c37984f79f7c34d0936af9939ba9704d0

SHA512
19faab598052f74a9136210943b660757170292fc16cabce681feb88917d553c580889f3f3f9f0ca2931673cba114b94fb0745b2cba0fc1fcdf81ad65e131506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5887f8.TMP

Filesize
370B

MD5
753b8fd602d1ec2838c8e45e9a46d1a8

SHA1
138f1fdd4afa2f6671c346bbaddf7d5a89a13e13

SHA256
aec3e1a5d13d5aab95845af6c9ec2a07a517c14f3b2cbc80ad7857029fb31173

SHA512
92fbcf0ff39283553d309ba50026158c2cc295ab06bc6a10454b726780dba58780d75cecf3947808e704907efa44dbb53d0190089059f637b2d3fadd3018fb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f29f215f3a2fd71767a93b0f0b1052fc

SHA1
f7a9a7fc8544bf107d5e80f3f0d0aeb37bc7032a

SHA256
3eb94305f48484d58f61be0e65e754819618d8ae6dc6bf885a99972faca7ece3

SHA512
d562a33bd5df54cc19304154349107deb134bccc192b6f922924ca0c91aec070a1ba6a03d0cdfb6f3b4dd6d362e088e673a8c669e143df3d7748649b93b3ebee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5404ba50f4a345bd5980aa55213dbc68

SHA1
12754a47741198d1737e2ec52dbbaf51518de411

SHA256
e7452fd5ee90edd4789e343dff49fe32fb6341478c155929a58b209191350fc0

SHA512
96f0796e6ab6a9f5518a3c695b217aae8d516b00836db246510cd82503a8f39c8fcd92ecb86bc356e401d5fd6fce655794fb52485ef50a1b7db09fa6ea265371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f09f99b065254c540ed3d5b5f54656f

SHA1
a6ae26bec3be060e58e755a2ea15e42293fefce9

SHA256
40b7c4c9e76a31c8d35664d40cdc2304b6d4da0dea805c9f31c859506600bf37

SHA512
625b33a8175b955e82faf742a58984fb7efc77941df23ec079aeeab602cc78743cc9a86926f15def4defd881a51866c65a8132b0e4a913fb8c60c16cacf1f483

Download Submit